The Department of Information Technology (IT) plays a key role in driving customer-focused innovation initiatives. It is composed of three technical bureaus: Application Services, Customer Success and Productivity, and Technology Infrastructure and Security. Collectively, the 95 staff members provide essential services and technical support to all City staff and business functions. Most processes in the organization depend on technology to function; there is a continual need for technology solutions that meet business function and organizational needs, while balancing security and support requirements. The Chief Information Officer and the Assistant Director work together to set technology policy direction for the enterprise and establish a supportive, respectful, and inclusive culture in the department. They, together with the three Technology Managers, lead departmental staff in identifying, recommending, implementing, and maintaining technology and solutions to support the City’s business needs, while setting and enforcing organizational standards and policies.
The Chief Information Security Officer plays a critical role in ensuring the confidentiality, integrity, and availability of the organization's information assets and in managing and mitigating potential security risks. This position’s primary responsibility will be to protect the city's sensitive information assets, including customer data, intellectual property, and other confidential information. This position is on the City of Norfolk’s IT Leadership team, reporting to the Chief Information Officer.
Department Hiring Salary Range: $88,508 - $101,784
This position demands strong analytical, technical, relationship, and communication skills. The role of the CISO in local government includes the governance, risk, and compliance (GRC) function. The CISO is responsible for developing and implementing policies and procedures to protect the organization's information assets, as well as ensuring that the organization remains in compliance with relevant laws and regulations. The CISO also plays a critical role in managing the organization's cybersecurity budget.
The key responsibilities of the CISO will include the following:
Information Security Strategy: Developing and implementing a comprehensive information security strategy aligned with the city's goals and objectives. This involves assessing risks, defining security policies, and establishing security standards and guidelines.
Risk Management: Identifying, evaluating, and prioritizing potential information security risks to the City of Norfolk. Conducting risk assessments and developing risk mitigation strategies, including the selection and implementation of appropriate security controls.
Incident Response: Developing and implementing an incident response plan to effectively respond to and manage security incidents. Establishing protocols for incident reporting, investigation, containment, eradication, and recovery. Coordinating with relevant stakeholders, such as legal, human resources, and communications, to ensure an appropriate and timely response.
Security Awareness and Training: Promoting a culture of security awareness within the city through training and education programs, including KnowBe4. Ensuring that employees understand their roles and responsibilities in safeguarding information assets and adhering to security policies and procedures.
Compliance and Regulations: Ensuring compliance with relevant laws, regulations, and industry standards pertaining to information security. This includes keeping up to date with changing regulatory requirements and implementing necessary controls and procedures to meet compliance obligations.
Security Governance: Establishing and maintaining a governance framework for information security, including the development of security policies, standards, and procedures. Providing guidance and support to other business units and departments to ensure security considerations are integrated into their processes and systems, understanding that cybersecurity is a business issue, not an IT issue.
Security Architecture: Collaborating with IT and other relevant stakeholders to design and implement a secure technology infrastructure. This involves evaluating and selecting appropriate security technologies, conducting security reviews of system designs, and ensuring that security controls are integrated throughout the technology stack.
Vendor and Third-Party Risk Management: Assessing the security posture of vendors and third-party partners that have access to the organization's systems or data. Establishing and implementing processes to evaluate, monitor, and manage third-party risks effectively.
Security Incident Reporting and Metrics: Developing and maintaining security metrics and reporting mechanisms to provide regular updates to executive management and other stakeholders. Tracking key security indicators, such as incident trends, threat landscape, and security program effectiveness, to facilitate decision-making and continuous improvement.
Required Qualifications:
Preferred Qualifications: